﻿using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Data.SqlClient;
using System.Data;

namespace 登陆页面
{
    class Program
    {
        static void Main(string[] args)
        {
            string SqlStr = @"Data Source=.; Initial Catalog=Mydb_1;User ID=sa;Password=13817995048";
            Console.WriteLine("请输入用户名：");
            string username = Console.ReadLine();
            Console.WriteLine("请输入密码：");
            string password = Console.ReadLine();

           //登陆的实现，到数据库进行身份的判别
           /* using (SqlConnection conn = new SqlConnection(SqlStr))
            {
                conn.Open();
                using (SqlCommand cmd = conn.CreateCommand())
                {
                    cmd.CommandText = "select * from login_1 where Username like '" + username + "'";
                    using (SqlDataReader reader = cmd.ExecuteReader())
                    {
                        if (reader.Read())
                        {
                            //用户名存在
                            string dbPassword = reader.GetString(reader.GetOrdinal("Password"));
                            if (password == dbPassword)
                            {
                                Console.WriteLine("登陆成功！");
                            }
                            else
                            {
                                Console.WriteLine("密码错误，登陆失败！");
                            }
                        }
                        else
                        {
                            Console.WriteLine("用户名不存在！");
                        }
                    }
                }
            }*/


           //注册的实现--往数据库中插入数据
           /* using (SqlConnection conn = new SqlConnection(SqlStr))
            {
                conn.Open();
                using (SqlCommand cmd = conn.CreateCommand())
                {
                     cmd.CommandText = "insert into login_1(Username,Password) values('"+username+"','"+password+"')";
                     cmd.ExecuteNonQuery();
                     Console.WriteLine("插入成功！");
                }
            }*/

          /*读取刚刚插入数据的某一项
           * using (SqlConnection conn = new SqlConnection(SqlStr))
            {
                conn.Open();
                using (SqlCommand cmd = conn.CreateCommand())
                {
                   // cmd.CommandText = "select count(*) from login_1";
                    cmd.CommandText = "insert into [login_1](username,password)  output inserted.username  values('kate','13245')";
                    string i = Convert.ToString(cmd.ExecuteScalar());
                    Console.WriteLine(i);
                }
            }*/


          /*读取数据库
            using (SqlConnection conn = new SqlConnection(SqlStr))
            {
                conn.Open();
                using (SqlCommand cmd = conn.CreateCommand())
                {
                    cmd.CommandText = "select * from login_1";
                    using (SqlDataReader reader = cmd.ExecuteReader())
                    {
                        while (reader.Read())
                        {
                            string un = reader.GetString(reader.GetOrdinal("Username"));
                            string psw = reader.GetString(reader.GetOrdinal("Password"));
                            Console.WriteLine("{0},{1}",un, psw);
                        }
                    }
                }
            }*/

            //登陆的另一种写法,易招攻击
          /*  using (SqlConnection conn = new SqlConnection(SqlStr))
            {
                conn.Open();
                using (SqlCommand cmd = conn.CreateCommand())
                {
                    cmd.CommandText = "select count(*) from login_1 where username='"+username+"' and password='"+password+"'";
                    int i = Convert.ToInt32(cmd.ExecuteScalar());
                    if (i > 0)              //如果用户输入密码为  1' or '1'='1  的照样可以进
                    {
                        Console.WriteLine("OK");
                    }
                    else
                    {
                        Console.WriteLine("ERROR");
                    }
                }
            }*/

            //参数化查询
            using (SqlConnection conn = new SqlConnection(SqlStr))
            {
                conn.Open();
                using (SqlCommand cmd = conn.CreateCommand())
                {
                    cmd.CommandText = "select count(*) from login_1 where username=@un and password = @psw";
                    cmd.Parameters.Add(new SqlParameter("un",username));
                    cmd.Parameters.Add(new SqlParameter("psw",password));
                    int i = Convert.ToInt32(cmd.ExecuteScalar());
                    if (i > 0)
                    {
                        Console.WriteLine("OK");
                    }
                    else
                    {
                        Console.WriteLine("ERROR");
                    }
                }
            }
            Console.WriteLine("ok");
            Console.ReadKey();
        }
    }
}
